package com.bjpowernode.shop.config;

import cn.hutool.core.io.FileUtil;
import org.apache.commons.io.FileUtils;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.ClassPathResource;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;

import java.io.IOException;
import java.nio.charset.Charset;

/*
    资源服务器：
        校验token的合法性
 */
@Configuration
// 开启资源服务器，所有的请求必须携带token才可以被访问
@EnableResourceServer
// 开启方法级别的权限控制
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Bean
    public JwtAccessTokenConverter jwtAccessTokenConverter() {
        // 创建jwt的令牌的转换器
        JwtAccessTokenConverter jwtAccessTokenConverter = new JwtAccessTokenConverter();
        // 将公钥信息读取到内存中
        ClassPathResource classPathResource = new ClassPathResource("rsa/abai.txt");
        try {
            String publicKey = FileUtil.readString(classPathResource.getFile(), Charset.defaultCharset());
            // 设置公钥信息，来对token进行校验
            jwtAccessTokenConverter.setVerifierKey(publicKey);
        } catch (IOException e) {
            e.printStackTrace();
        }
        return jwtAccessTokenConverter;
    }

    @Bean
    public TokenStore tokenStore() {
        return new JwtTokenStore(jwtAccessTokenConverter());
    }

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        resources.tokenStore(tokenStore());
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
// 允许跨域访问
        http.csrf().disable();
        http.cors().disable();
        // 关闭session管理
        http.sessionManagement().disable();
        // 授权操作
        http.authorizeRequests().antMatchers("/v2/api-docs",  // swagger  druid ...
                        "/v3/api-docs", "/swagger-resources/configuration/ui",  // 用来获取支持的动作
                        "/swagger-resources",                   // 用来获取api-docs的URI
                        "/swagger-resources/configuration/security",// 安全选项
                        "/webjars/**",
                        "/swagger-ui/**",
                        "/druid/**",
                        "/actuator/**",
                        "/p/order/aliPayNotify"
                )
                // 放行上面的资源放行
                .permitAll()
                // 其余的任何请求
                .anyRequest()
                // 必须登录后才可以被访问
                .authenticated();
    }
}
